CJ O wrote:
I am having an issue where FreeRadius is not handing the intermediate CA to a windows WPA2 client. We are in the process of deploying WPA2/AES with PEAP. So we purchased a certificate from a company that has a Trusted Root CA in Windows, Mac OSX, and Linux. However, it was signed with there intermediate CA, so the OS will not vailded the certificate during authentication.
So long as the CA chain is intact, this should work.
The only solution seems to be installing the intermediate CA certifcate on all my clients (2,000-3,000). If it possible to chain the certificates together like you can in Apache?
Yes. But you need to install the CA chain on the RADIUS server. See eap.conf: # If CA_file (below) is not used, then the # certificate_file below MUST include not # only the server certificate, but ALSO all # of the CA certificates used to sign the # server certificate. certificate_file = ${certdir}/server.pem Odds are you didn't include the intermediate certificates in the RADIUS configuration. Alan DeKok.